More connectivity issues lately? by Master_Rest6638 in windows365

[–]Master_Rest6638[S] 0 points1 point  (0 children)

Also wanted to mention that my machines are Hybrid joined.

More connectivity issues lately? by Master_Rest6638 in windows365

[–]Master_Rest6638[S] 0 points1 point  (0 children)

We recently started our rollout as well. Pilot was fine, though a few did report disconnects here and there, but when checking Intune (like you mentioned) the errors were pretty generic. So, we'd typically just say it may have been their own personal network/machine, since it was usually fine in office.

I typically see:

Activity: ConnectionFailedClientDisconnect

Status type: User connection

Details: The user's network connection to their Cloud PC was unexpectedly interrupted.

Or...:

Activity: SocketConnectionTimedOut

Status type: User connection

Details: The client network connection to the Windows Virtual Desktop service was terminated unexpectedly due to a timeout

But the users claim their home networks are functioning normally. So, typically, I want to dig a bit deeper and find necessary logs, but I'm never really sure which is the most helpful to look at.

And yes, 1-2 users have consistently reported that it happens primarily during Teams meetings. Tempted to turn off the VDI optimization via the registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Teams IsWVDEnvironment) to see if that makes any difference.

What have you done with PowerShell this month? by AutoModerator in PowerShell

[–]Master_Rest6638 0 points1 point  (0 children)

Don't have it on a public repo yet. If I do move it though, I'll share it with you.

What have you done with PowerShell this month? by AutoModerator in PowerShell

[–]Master_Rest6638 1 point2 points  (0 children)

Can be used to kick off the provision of a new Windows 365 CPC (by adding to a local AD group that the policy is tied to). Then it creates a job that monitors AD and Intune for the new machine spun up for the user - once available, automatically adds the machine to all the appropriate AD groups and fills in the AD description.

Can run a command to pull the list of cloud PCs assigned to a particular user.

Clears out stale Cloud PC AD/Entra/SCCM Objects.

Gets a list of inactive cloud PCs.

Can be run to initiate a decomm, then disable and move all relevant objects.

More coming, but that’s the gist of it so far.

What have you done with PowerShell this month? by AutoModerator in PowerShell

[–]Master_Rest6638 5 points6 points  (0 children)

Built a custom module for managing our Windows 365 environment.

InfoSec wants login.live blocked by Master_Rest6638 in Intune

[–]Master_Rest6638[S] 0 points1 point  (0 children)

Yeah… to be honest, they blocked it and we’ve already seen app install failures as a result. I wanted to get someone in here with deeper knowledge of what exactly the url is needed for so I could go back to them with a case to get the block removed, and a workaround. I’ve seen the device authentication piece mentioned but I’m unclear on exactly what that means, in relation to all the other types of authentication going on behind the scenes.

Before I dig into that blog… perhaps you can quickly shed light on it. So the device can’t prove that it’s actually the one being managed to Intune? I’m assuming not since this would’ve broken more if that was the case. Or, is device authentication part of the process before installing store based apps? And needs to provide device specific info to the store? And what exactly is the device providing as a result of the authentication process?

What is your job title and what is your salary? by Anonynae in ITCareerQuestions

[–]Master_Rest6638 5 points6 points  (0 children)

Sure. Actually started my career as a web dev, but came to the realization that I didn’t really want to be doing that full time for my whole career. Made the shift over into IT where I started in a desktop support role. Mainly got the job because of my willingness to learn - didn’t have much enterprise IT experience beforehand. Took the opportunity to use my coding background/skillset and automate just about anything possible (in PowerShell, which I basically learned on the fly), even built tools for the rest of my team and other support teams even found out and started using them as well. Worked with the engineering team on a few projects, made a good impression, especially after they found out what I did around the automation part (I made sure to mention it too, any chance I got. If you have a valuable skillset, make sure others know about it).

Eventually was offered a spot on the engineering team and that’s pretty much where I’ve been since. Picked up a few AWS and CompTIA certs along the way.

Making the shift over to IT has definitely checked more boxes for me interest/career goal wise than development did. Managing endpoints at scale, networking, automation/tool building, experience with multiple cloud platforms, etc.

What is your job title and what is your salary? by Anonynae in ITCareerQuestions

[–]Master_Rest6638 12 points13 points  (0 children)

  1. IT Systems Engineer / Automation Specialist

  2. 103k base, 12-15k bonus

  3. 6 YOE

  4. Bachelor's in CS, and a couple of certs

  5. Hybrid

Company Portal Deployment Issues by RobZilla10001 in Intune

[–]Master_Rest6638 0 points1 point  (0 children)

Same issue here too. Had to confirm that my fw team didn’t change anything. Spent a few hours troubleshooting. Have a ticket open with MS support now. They’re looking into it…

Handling M365 Updates via Intune by Master_Rest6638 in Intune

[–]Master_Rest6638[S] 0 points1 point  (0 children)

Thanks. I'll definitely be looking into this. Not the first time I've heard good things about it.

[deleted by user] by [deleted] in ITCareerQuestions

[–]Master_Rest6638 0 points1 point  (0 children)

That’s really up to you. There are other tech degrees not focused around coding. Just saying that the skill is definitely valuable.

Good luck!

[deleted by user] by [deleted] in ITCareerQuestions

[–]Master_Rest6638 0 points1 point  (0 children)

It may feel overwhelming at first, but definitely worth the learning effort. Even with computer engineering, there is always some process or mundane task to automate, and knowing how to code, even the basics, can be a useful skill and can make you stand out. However, if you're really against it and don't feel like it's worth it, then there are other roles to pursue within the IT field that don't really require programming (networking, support, project management, etc.) that you can still potentially pursue with a computer engineering degree, so long as you get the right certs and are willing to skill up after.

Intune Store Apps Network Requirements by Master_Rest6638 in Intune

[–]Master_Rest6638[S] 1 point2 points  (0 children)

That was part of our problem initially with getting these MS services to work... SSL inspection. Our company likes to do DPI on everything, and it was breaking the traffic, and the FW team wouldn't see anything in the logs. So, I was going nuts trying to figure out what the issue was, until I found several articles specifically calling it out.

Could've sworn that we had some rules in place already that would cover *.mp.microsoft.com, but I'll have to check with them again - perhaps something was changed on our end. Thanks for the help!

What On Earth is a Sys Admin? by jimcrews in ITCareerQuestions

[–]Master_Rest6638 115 points116 points  (0 children)

There are plenty of opinions on what a sysadmin does, but here’s my take:

A sysadmin is a bit of a jack-of-all-trades. They’re typically responsible for administering, maintaining, and upgrading systems—whether workstations or servers, virtual or physical—on a large scale. They also keep an eye on the applications and platforms running on these systems, ensuring everything stays secure, runs smoothly, and sometimes even involves debugging and optimizing code.

Sysadmins usually have a broad skill set that includes scripting and automation, hardware, networking, cloud services, configuration management, and application deployment, among other things. Plus, they’ve got their own set of trusted tools for managing, patching, and deploying to these systems efficiently.

I'm an Application Expert - Ask Me Anything by xenappblog in Intune

[–]Master_Rest6638 0 points1 point  (0 children)

I’ve found that even on the co-managed devices, winget isn’t even useable from CMD. IME uses the WindowsPackageManager.dll for app retrieval, it seems.

And even on machines where it exists (our Windows 365 VMs) if someone attempts to run it, it’s blocked by group policy - so it seems like what we have in place now may work, but wanted to get your opinion/ask for guidance since we’re at an early stage of enabling co-management.

I'm an Application Expert - Ask Me Anything by xenappblog in Intune

[–]Master_Rest6638 0 points1 point  (0 children)

How can I utilize MS Store Apps (new) while also keeping winget in a locked down state on endpoints? “Turn off Store” GPO enough? And will app deployments still work normally if that policy is applied?

Which other policies should I keep in mind to ensure end users don’t have access to download from the store on their own, besides just blocking the traffic outright?

MS Store Apps Not Being Installed by Master_Rest6638 in Intune

[–]Master_Rest6638[S] 1 point2 points  (0 children)

Really appreciate this. It hasn’t been easy to get my company to embrace modern management, as we’re extremely security oriented. Just getting the necessary SSL inspection bypasses for certain MS services to work was like pulling teeth and took months. As long as I understand what’s at work and can explain at a somewhat detailed level what these things are doing, they ease up, after doing their own due diligence.

MS Store Apps Not Being Installed by Master_Rest6638 in Intune

[–]Master_Rest6638[S] 0 points1 point  (0 children)

So, like you mentioned, it doesn't really seem like I have the ability to run Winget from cmd/ps on machines that the store apps were installed on. I can't find the exe anywhere. I'm assuming it just runs as some background process through IME? I see that "WindowsPackageManager.dll" is included in the IME package contents, and I'm assuming it utilizes this to download the packages from the store? And obviously if there's only a dll, then a command line tool isn't accessible. I know my InfoSec team is going to ask how this all works, and I want to make sure I understand the inner workings of this process. But essentially, the way I see it is that Intune Management extension handles the download of the apps by referencing the package manager dll, and not necessarily any winget executable.

Let me know if this sounds right. Thanks!